nixos/modules/base/ssh.nix

{ ... }: {
  services.openssh = {
    enable = true;
    # Security by obscurity? Nah, but it certainly reduces the logs volume.
    # Also, port 222 still requires root to bind.
    ports = [ 222 ];
    settings = {
      PasswordAuthentication = false;
    };
  };

  users.users.caspervk = {
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPB/qr63FB0ZqOe/iZGwIKNHD8a1Ud/mXVjQPmpIG7pM caspervk@omega"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII71DKQziktCkyMAmL25QKRK6nG2uJDkQXioIZp5JkMZ caspervk@zeta"
    ];
  };

  environment.persistence."/nix/persist" = {
    files = [
      "/etc/ssh/ssh_host_ed25519_key"
      "/etc/ssh/ssh_host_ed25519_key.pub"
      "/etc/ssh/ssh_host_rsa_key"
      "/etc/ssh/ssh_host_rsa_key.pub"
    ];
  };
}
Base 2023-08-01 15:35:09 +02:00			`{ ... }: {`
			`services.openssh = {`
			`enable = true;`
explain 2023-08-25 00:57:42 +02:00			`# Security by obscurity? Nah, but it certainly reduces the logs volume.`
			`# Also, port 222 still requires root to bind.`
Base 2023-08-01 15:35:09 +02:00			`ports = [ 222 ];`
			`settings = {`
			`PasswordAuthentication = false;`
			`};`
			`};`

move openssh authorized keys to the ssh module 2023-08-25 01:00:07 +02:00			`users.users.caspervk = {`
			`openssh.authorizedKeys.keys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPB/qr63FB0ZqOe/iZGwIKNHD8a1Ud/mXVjQPmpIG7pM caspervk@omega"`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII71DKQziktCkyMAmL25QKRK6nG2uJDkQXioIZp5JkMZ caspervk@zeta"`
			`];`
			`};`

Base 2023-08-01 15:35:09 +02:00			`environment.persistence."/nix/persist" = {`
nix fmt 2023-08-01 16:55:53 +02:00			`files = [`
			`"/etc/ssh/ssh_host_ed25519_key"`
			`"/etc/ssh/ssh_host_ed25519_key.pub"`
			`"/etc/ssh/ssh_host_rsa_key"`
			`"/etc/ssh/ssh_host_rsa_key.pub"`
			`];`
Base 2023-08-01 15:35:09 +02:00			`};`
			`}`